Hello community,

here is the log from the commit of package net-snmp for openSUSE:Factory checked in at 2012-05-16 12:26:12
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/net-snmp (Old)
 and      /work/SRC/openSUSE:Factory/.net-snmp.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "net-snmp", Maintainer is "lchiqui...@suse.com" Changes: -------- --- /work/SRC/openSUSE:Factory/net-snmp/net-snmp.changes 2012-04-17 22:00:16.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.net-snmp.new/net-snmp.changes 2012-05-16 12:26:24.000000000 +0200 @@ -1,0 +2,6 @@ +Mon May 14 17:39:17 UTC 2012 - lchiqui...@suse.com + +- fix array index error that could lead to a crash (CVE-2012-2141) + (bnc#759352) + +------------------------------------------------------------------- New: ---- net-snmp-5.7.1-fix-array-index-error.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ net-snmp.spec ++++++ --- /var/tmp/diff_new_pack.PXJxKf/_old 2012-05-16 12:26:26.000000000 +0200 +++ /var/tmp/diff_new_pack.PXJxKf/_new 2012-05-16 12:26:26.000000000 +0200 @@ -76,6 +76,7 @@ Patch21: net-snmp-5.7.1-more-robust-handling-of-agentx-errors.patch Patch22: net-snmp-5.7.1-report-problems-with-setundo-processing.patch Patch23: net-snmp-5.7.1-fix-snmpd-crashing-when-an-agentx-disconnects.patch +Patch24: net-snmp-5.7.1-fix-array-index-error.patch # Summary: SNMP Daemon License: BSD-3-Clause ; MIT @@ -237,6 +238,7 @@ %patch21 -p1 %patch22 -p1 %patch23 -p1 +%patch24 -p1 %build MIBS="misc/ipfwacc ucd-snmp/diskio etherlike-mib rmon-mib velocity smux \ ++++++ net-snmp-5.7.1-fix-array-index-error.patch ++++++ commit 4c5633f1603e4bd03ed05c37d782ec8911759c47 Author: Robert Story <rst...@freesnmp.com> Date: Mon May 14 11:40:06 2012 -0400 NEWS: snmp: BUG: 3526549: CVE-2012-2141 Array index error leading to crash Index: net-snmp-5.7.1/agent/mibgroup/agent/extend.c =================================================================== --- net-snmp-5.7.1.orig/agent/mibgroup/agent/extend.c +++ net-snmp-5.7.1/agent/mibgroup/agent/extend.c 
@@ -1209,7 +1209,7 @@ _extend_find_entry( netsnmp_request_info * ...and check the line requested is valid */ line_idx = *table_info->indexes->next_variable->val.integer; - if (eptr->numlines < line_idx) + if (line_idx < 1 || line_idx > eptr->numlines) return NULL; } } @@ -1380,6 +1380,10 @@ handle_nsExtendOutput2Table(netsnmp_mib_ * Determine which line we've been asked for.... */ line_idx = *table_info->indexes->next_variable->val.integer; + if (line_idx < 1 || line_idx > extension->numlines) { + netsnmp_set_request_error(reqinfo, request, SNMP_NOSUCHINSTANCE); + continue; + } cp = extension->lines[line_idx-1]; /* -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
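Review bot: In the extend.c hunk at -1209 (_extend_find_entry), the new test "line_idx < 1 || line_idx > eptr->numlines" is applied after the value has already been copied out of *table_info->indexes->next_variable->val.integer, and the declaration of line_idx is not visible in this hunk. Please confirm that line_idx is a signed type at least as wide as val.integer and that it has the same signedness as eptr->numlines: if it is unsigned, the "< 1" arm only rejects zero and rejecting a negative request relies on the wrapped value exceeding numlines, and if it is narrower, an out-of-range request could truncate into 1..numlines and pass. Comparing the raw index value before assigning it would make the check independent of the declaration. A one-line comment stating that the line index is 1-based would also explain why the lower bound is 1 rather than 0.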
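Review bot: In the extend.c hunk at -1380 (handle_nsExtendOutput2Table), the range test added before "cp = extension->lines[line_idx-1];" is a second hand-written copy of the condition introduced in _extend_find_entry, with different failure handling (SNMP_NOSUCHINSTANCE plus continue here, return NULL there). Consider moving the condition into one small helper that takes the index and numlines and is called from both places, so the two checks cannot drift apart the way the original one-sided "eptr->numlines < line_idx" comparison did. If the handler only ever receives an extension that _extend_find_entry has already validated, say so in a comment so the second check reads as deliberate defence in depth rather than as an unexplained duplicate.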